Method and System for Securing Data of a Mobile Communications Device

1. A method of securing data of a mobile communications device, the method comprising: generating, at the mobile communications device, an encryption key using at least information specific to the mobile communications device, wherein the encryption key is specific to the mobile communications device and unknown to other devices including a first server, wherein the encryption key is a private encryption key for both encryption and decryption; storing the encryption key in the mobile communications device, wherein the encryption key is not exportable from the mobile communications device; determining, at the mobile communications device, in response to installation or removal of a file manager application, that first application data is data received from or for sending to the first server; in response to determining that the first application data is data received from or for sending to the first server, encrypting the first application data with the encryption key stored in the mobile communications device; storing the encrypted first application data on a memory; receiving, after storing the encrypted first application data, a request to access the first application data from a second application or a service on the mobile communications device; determining that the second application or service is authorized to access data associated with the first server; and in response to determining that the second application or service is authorized to access data associated with the first server, decrypting the first application data with the encryption key.

2. The method of claim 1 further comprising: detecting a wipe event from the first server; and upon said detecting of the wipe event, deleting the encryption key.

3. The method of claim 2 further comprising, upon said detecting of the wipe event, deleting the encrypted first application data.

4. The method of claim 1 wherein the memory is a removable memory.

5. The method of claim 1 wherein determining whether the second application or service is authorized comprises determining whether the second application or service is on an access list.

6. The method of claim 1 wherein determining whether the second application or service is authorized is performed by a file system module of the mobile communications device.

7. The method of claim 1 further comprising verifying a user's identity before decrypting the first application data.

8. The method of claim 1 further comprising: generating, at the communication device, header or file extension information for the first application data, indicating that the first application data is data associated with the first server.

9. The method of claim 1 further comprising: receiving second application data on the mobile communications device; determining the second application data is data associated with a second server; encrypting the second application data with a second encryption key stored in the mobile communications device; and storing the encrypted second application data on the memory.

10. The method of claim 1 wherein determining the first application data is data received from or for sending to the first server is further based on an indication that the first application data is received from or for sending to the first server.

11. The method of claim 1 wherein storing the encrypted first application data includes storing a server indicator with the encrypted first application data.

12. The method of claim 1 wherein storing the encryption key includes securing the encryption key.

13. The method of claim 1 wherein the first server comprises an enterprise server and wherein said determining that the first application data is data from the first server includes further determining that the first application data is enterprise data.

14. The method of claim 1 further comprising, in response to determining that the encryption key has not yet been generated, the mobile communications device generating the encryption key using at least information specific to the mobile communications device.

15. The method of claim 1 wherein the encryption key is generated by the mobile communications device using a hash function using at least information specific to the mobile communications device.

16. The method of claim 1 wherein the information specific to the mobile communications device comprises a random or pseudorandom number generated by the mobile communications device.

17. A mobile communications device comprising: a processor; memory; and a communication subsystem for sending and receiving communications with a server; the processor being configured for generating an encryption key using at least information specific to the mobile communications device, wherein the encryption key is specific to the mobile communications device and unknown to other devices including the server, wherein the encryption key is a private encryption key for both encryption and decryption; storing the encryption key in the mobile communications device, wherein the encryption key is not exportable from the mobile communications device; determining, in response to installation or removal of a file manager application, that application data is data received from or for sending to the server; in response to determining that the application data is data received from or for sending to the server, encrypting the application data with the encryption key stored in the mobile communications device; storing the encrypted application data in the memory; receiving, after storing the encrypted application data, a request to access the encrypted application data by a second application or a service on the device; determining that the second application or service is authorized to access the encrypted application data; and in response to determining that the second application or service is authorized to access data associated with the server, decrypting the application data.

18. The mobile communications device of claim 17 wherein when a wipe event is detected, the processor is configured to delete the encryption key.

19. The mobile communications device of claim 18 wherein when the wipe event is detected, the processor is further configured to delete the encrypted application data stored in the memory.

20. The mobile communications device of claim 17 wherein the memory is a removable memory.

21. The mobile communications device of claim 17 wherein the processor is further configured for determining whether the second application or service is authorized to access the encrypted application data based on an access list stored in the mobile communications device.

22. The mobile communications device of claim 21 wherein the processor includes a file system module configured for determining whether the second application or service is authorized to access the encrypted application data.

23. The mobile communications device of claim 17 wherein the processor is further configured for generating header or file extension information for the application data, indicating that the application data is data associated with the server.

24. The mobile communications device of claim 17 wherein the processor is configured for distinguishing between application data associated with a first server and data associated with a second server.

25. The mobile communications device of claim 24 wherein if first application data is received by the communication subsystem, the processor is configured for determining whether the first application data is associated with the first server or the second server based on an indication that the first application data was received via or is for sending to the first server or the second server.

26. The mobile communications device of claim 24 wherein the processor is configured for distinguishing between application data associated with the first server and application data associated with the second server based on stored header or metadata information.

27. The mobile communications device of claim 17 wherein the processor is further configured for verifying a user's identity before decrypting the encrypted application data.

28. A non-transitory computer readable medium having instructions stored thereon for securing data of a mobile communications device, the instructions comprising instructions for: generating, at the mobile communications device, an encryption key using at least information specific to the mobile communications device, wherein the encryption key is specific to the mobile communications device and unknown to other devices including a first server, wherein the encryption key is a private encryption key for both encryption and decryption; storing the encryption key in the mobile communications device, wherein the encryption key is not exportable from the mobile communications device; determining, at the mobile communications device, in response to installation or removal of a file manager application, that first application data is data received from or for sending to the first server; in response to determining that the first application data is data received from or for sending to the first server, encrypting the first application data with the encryption key stored in the mobile communications device; storing the encrypted first application data on a memory; receiving, after storing the encrypted first application data, a request to access the first application data from a second application or a service on the mobile communications device; determining that the second application or service is authorized to access the data associated with the first server; and in response to determining that the second application or service is authorized to access data associated with the first server, decrypting the first application data with the encryption key.